From 8eac412d9523a617f6ba3b4e59a6ceaced20bcf7 Mon Sep 17 00:00:00 2001
From: Scott Cantor <cantor.2@osu.edu>
Date: Thu, 2 Jul 2015 00:11:13 +0000
Subject: [PATCH] SSPCPP-659 - shibd doesn't set any umask

---
 configs/shibd-amazon.in    | 3 +++
 configs/shibd-osx.plist.in | 3 ++-
 configs/shibd-redhat.in    | 3 +++
 configs/shibd-suse.in      | 5 ++++-
 4 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/configs/shibd-amazon.in b/configs/shibd-amazon.in
index 3e4c477..c4fb2ca 100644
--- a/configs/shibd-amazon.in
+++ b/configs/shibd-amazon.in
@@ -25,12 +25,15 @@
 
 shibd="@-PREFIX-@/sbin/shibd"
 SHIBD_USER=root
+SHIBD_UMASK=022
 prog=shibd
 pidfile=@-PKGRUNDIR-@/shibd.pid
 lockfile=/var/lock/subsys/$prog
 
 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
+umask $SHIBD_UMASK
+
 start() {
 	echo -n $"Starting $prog: "
 	if [ -f $lockfile ] ; then
diff --git a/configs/shibd-osx.plist.in b/configs/shibd-osx.plist.in
index c18ec58..6602265 100644
--- a/configs/shibd-osx.plist.in
+++ b/configs/shibd-osx.plist.in
@@ -8,7 +8,7 @@
 	<key>ProgramArguments</key>
 	<array>
 		<string>@-PREFIX-@/sbin/shibd</string>
-        <string>-F</string>
+		<string>-F</string>
 		<string>-f</string>
 		<string>-p</string>
 		<string>@-PKGRUNDIR-@/shibd.pid</string>
@@ -18,5 +18,6 @@
 	<key>OnDemand</key> <true/>
 	<key>StandardErrorPath</key> <string>/dev/null</string>
 	<key>UserName</key> <string>root</string>
+        <key>Umask</key> <string>0022</string>
 </dict>
 </plist>
diff --git a/configs/shibd-redhat.in b/configs/shibd-redhat.in
index 3e4c477..c4fb2ca 100644
--- a/configs/shibd-redhat.in
+++ b/configs/shibd-redhat.in
@@ -25,12 +25,15 @@
 
 shibd="@-PREFIX-@/sbin/shibd"
 SHIBD_USER=root
+SHIBD_UMASK=022
 prog=shibd
 pidfile=@-PKGRUNDIR-@/shibd.pid
 lockfile=/var/lock/subsys/$prog
 
 [ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
 
+umask $SHIBD_UMASK
+
 start() {
 	echo -n $"Starting $prog: "
 	if [ -f $lockfile ] ; then
diff --git a/configs/shibd-suse.in b/configs/shibd-suse.in
index 318499f..411f20e 100644
--- a/configs/shibd-suse.in
+++ b/configs/shibd-suse.in
@@ -25,6 +25,7 @@ DAEMON=@-PREFIX-@/sbin/$NAME
 SCRIPTNAME=/etc/init.d/$NAME
 PID_FILE=@-PKGRUNDIR-@/shibd.pid
 SHIBD_USER=root
+SHIBD_UMASK=022
 DAEMON_OPTS=""
 
 # Force removal of socket
@@ -40,7 +41,9 @@ DAEMON_OPTS="$DAEMON_OPTS -p $PID_FILE"
 DAEMON_OPTS="$DAEMON_OPTS -w 30"
 
 [ -e /etc/sysconfig/$NAME ] && . /etc/sysconfig/$NAME
- 
+
+umask $SHIBD_UMASK
+
 # Exit if the package is not installed.
 test -x "$DAEMON" || exit 5
  
-- 
2.1.4